Why the IRS Is Having Such a Tough Time Fighting Hackers

Congress holds a hearing to determine just how secure the IRS is after May's data breach, and the results are not heartening.

NEW YORK (TheStreet) -- Internal Revenue Service Commissioner John Koskinen appeared before the Senate Finance Committee Tuesday morning to answer questions about last month's data breach in the IRS "Get Transcript" program, as well as overall data security at the IRS.

The "Get Transcript" breach occurred last month when identity thieves stole the personal information of more than 100,000 taxpayers. Unlike other recent attacks, in this breach hackers did not actually break into the government computers.

Instead, they logged in legitimately using personal information and Social Security numbers acquired illegally, then downloaded the users' tax forms and personal data.

"This past filing season, our fraud filters stopped almost three million fraudulent returns before processing them, an increase of over 700,000 from the year before," Koskinen said. "But, even though we have been effective at stopping individuals perpetrating these crimes, we find that we are dealing with more and more organized crime syndicates here and around the world."

Although the breach began in February, according to Koskinen's testimony before Congress, the agency hadn't noticed until after filing season ended.

The traffic was masked by the elevated traffic of taxpayers, causing IRS officials to dismiss the increased attempts to access agency Web sites among the flood of traffic normally experienced during the months of April and March. When filing season ended and the traffic continued, they knew something was wrong.

In response, the IRS has shut down the "Get Transcript" application, which allows users to gain access to their old tax records, for the time being.

Tuesday's hearing focused on next steps forward. Amid a session that often seemed as much about political posturing as security, one theme emerged from the embattled IRS commissioner: resources.

Frequently during the proceedings, Koskinen reminded the panel of the agency's requests and limitations in the face of punishing budget cuts which have hampered its ability to prepare for and respond to cyberattacks.

When asked what the IRS agency was doing to help taxpayers whose data was stolen, Koskinen reminded the Senators that, "there are numbers that they can call, but as you know our ability to get people on the phone is not as much as we would like it to be."